/
Contact usSee pricingStart building

    About B2B Saas Authentication

    Introduction
    Stytch B2B Basics
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Next.js
      Routing
      Authentication
      Sessions
    Migrations
      Overview
      Reconciling data models
      Migrating user data
      Additional migration considerations
      Zero-downtime deployment
      Defining external IDs for members
      Exporting from Stytch
    Custom Domains
      Overview

    Authentication

    Single Sign On

    • Resources

        • Overview
        External SSO Connections
        Standalone SSO

    • Integration Guides

        • Start here
        Backend integration guide
        Headless integration guide
        Pre-built UI integration guide
    OAuth

    • Resources

        • Overview
        Authentication flows
        Identity providers
        Google One Tap
        Provider setup

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Connected AppsBeta
      Setting up Connected Apps
      About Remote MCP Servers

    • Resources

        • Integrate with AI agents
        Integrate with a remote MCP server
    Sessions

    • Resources

        • Overview
        JWTs vs Session Tokens
        How to use Stytch JWTs
        Custom Claims

    • Integration Guides

        • Start here
        Backend integration
        Frontend integration
    Email OTP
      Overview
    Magic Links

    • Resources

        • Overview
        Email Security Scanner Protections

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Multi-Factor Authentication

    • Resources

        • Overview

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Passwords
      Overview
      Strength policies
    UI components
      Overview
      Implement the Discovery flow
      Implement the Organization flow
    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0

    Authorization & Provisioning

    RBAC

    • Resources

        • Overview
        Stytch Resources & Roles
        Role assignment

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
    SCIM

    • Resources

        • Overview
        Supported actions

    • Integration Guides

        • Using Okta
        Using Microsoft Entra
    Organizations
      Managing org settings
      JIT Provisioning

    Testing

    E2E testing
    Sandbox values
Get support on SlackVisit our developer forum

Contact us

B2B Saas Authentication

/

Guides

/

Authentication

/

UI components

/

Implement the Organization flow

Implement the Organization flow using Stytch UI components

Our JavaScript SDK provides pre-built UI components that allow you to add a B2B Organization-specific authentication flow to your application, which we'll demonstrate how to implement in this guide. For high-level information about our B2B UI component flows, see the Pre-built B2B UI components overview.

At the end of this guide, you'll have a working Organization-specific authentication flow that allows users to log into an Organization that they belong to using Email Magic Links, OAuth, SSO, or Passwords. We'd recommend using this guide in tandem with our B2B frontend SDK example app, which provides a working example of the pre-built UI component Organization flow.

Required Setup

Create a Stytch B2B project via the Stytch Dashboard if you don't have one already. To do so, click on your existing project name in top left corner of the Dashboard, click Create a new project, and then select B2B Authentication.

Copy your public_token from the Test environment tab in the API keys section of the Stytch Dashboard. You'll need to include your public_token when instantiating the Stytch SDK client.

Finally, navigate to the Frontend SDKs tab in the Stytch Dashboard and enable the authentication products that you're interested in adding to your application (in this guide, we'll use Email Magic Links, OAuth, SSO, and Passwords).

2
Add the pre-built UI component to your login page

UI component at the beginning of the Organization flow

First, you'll need to add our pre-built B2B UI component to your Organization-specific login page. The UI component is commonly hosted on an Organization-specific login URL that contains the Organization's slug (unique identifer) – for example, https://yourdomain.com/example-org/login, where example-org is the Organization slug.

If the Organization slug is included in your URL structure, you'll need to specify where our JavaScript SDK should look for it by adding an Organization URL template in the Domains section of the Frontend SDKs tab in the Stytch Dashboard. Using the URL examples above, your Organization URL template would look like https://yourdomain.com/{{slug}}/login.

Alternatively, if you'd prefer not to set up an Organization URL template, you can pass the desired Organization slug directly into the UI component via the config.organizationSlug parameter.

In your UI component config, you'll also need to specify an authFlowType of Organization, along with your desired product and session options.

The signupRedirectURL and loginRedirectURL values that you provide should point to the URL(s) where the authentication flow will be completed (in other words, where users will be redirected to after clicking on the Email Magic Link or completing the OAuth/ SSO flow). You may specify different signupRedirectURL and loginRedirectURL values if you'd like to send new users through a signup flow hosted on a different path – for example, https://yourdomain.com/signup and https://yourdomain.com/login.

For the Passwords product, the loginRedirectURL value determines where users will be redirected to upon clicking the "Log in without password" button in password reset emails. The resetPasswordRedirectURL value determines where users will be redirected upon clicking the "Reset password" button in password reset emails.

The sessionDurationMinutes parameter in the sessionOptions object determines how long the resulting session will be valid for after the user successfully authenticates. For the purposes of this guide, we'll set the session duration to 60 minutes.

Here's an example config object:

var config = {
  authFlowType: "Organization",
  products: ['emailMagicLinks', 'oauth', 'sso', 'passwords'],
  emailMagicLinksOptions: {
    signupRedirectURL: "https://example.com/signup",
    loginRedirectURL: "https://example.com/login"
  },
  oauthOptions: {
    signupRedirectURL: "https://example.com/signup",
    loginRedirectURL: "https://example.com/login"
    providers: ['google']
  },
  ssoOptions: {
    loginRedirectURL: "https://example.com/signup",
    signupRedirectURL: "https://example.com/login"
  },
  passwordOptions: {
    loginRedirectURL: "https://example.com/login",
    resetPasswordRedirectURL: "https://example.com/resetPassword",
    resetPasswordExpirationMinutes: 20
  },
  sessionOptions: {
    sessionDurationMinutes: 60
  },
};

The mechanics of creating the component and adding it to your login page differ depending on the framework you're using. We'd recommend checking out our UI config reference for both HTML and React example code snippets.

In our B2B SDK example app, we create the Organization UI component here and add it to our Organization-specific login page here.

3
Relaunch the pre-built UI component

Once the user is redirected back to your application, you'll need to relaunch the pre-built UI component in order to handle the rest of the authentication flow. You can use the same config object as in Step 2.

In our B2B SDK example app, we relaunch the pre-built UI component here. Note that in the example app, the Organization-specific flow and the Discovery flow share a route (/authenticate) to handle the redirect. Because of this, the UI component is relaunched with the Discovery flow's config object instead of the Organization flow's config object. This is a valid option if you'd like to have one single page to handle all of your application's authentication redirects.

Once the pre-built UI component has been relaunched, it will automatically call the appropriate authenticate method to finish the authentication flow. At this point, a session_token and a session_jwt for the user's Organization will be present in the browser cookies, and you'll be able to retrieve session data and Member data via the SDK.

Note that if the user chooses the Passwords flow, no redirect will occur during authentication. Instead, authentication will be completed on the original login page.

What's next?

You'll now have a working Organization authentication flow that will allow your users to log into their desired Organization.

Next, you may want to offer a Discovery flow as well, for users who log in via a generic login page rather than an Organization-specific URL.

See also

Check out our UI config reference for a full list of supported UI configuration options. You can also play around with UI styling on the component playground.

Required Setup

2.

Add the pre-built UI component to your login page

3.

Relaunch the pre-built UI component

What's next?

See also